﻿<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%option explicit%>
<%
' Set before the includes below are processed; presumably checked by
' conn.inc.asp / the admin includes to tell they are being pulled in from
' a trusted page rather than requested directly - confirm against the includes.
Dim RZ_IN
RZ_IN=1
%>
<!--#include file="../conn.inc.asp" -->
<!--#include file="admin_inc/admin.function.asp" -->
<!--#include file="admin_inc/admin.sqlfunction.asp" -->
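<%
'Author: 山林客 (ah_bill)
'Blog: http://ruizhinet.blog.163.com
'Site: http://www.ruizhinet.cn
'This notice does not affect normal access to your site; please keep it.
'
' Admin screen for the SQL-injection log (table c_sqlrecords): lists the
' recorded requests and lets an administrator bulk-delete rows or toggle an
' IP's "locked" flag. This run of statements is the request dispatcher.
dim myURL,Action,sql,rs,MyPage,i
' Authorisation first - nothing below executes for a session that fails it
' (checkadmin comes from the admin include and is not visible in this file).
checkadmin(4)
dim page
' Read but not used in this file; presumably RZPage picks the page number up
' itself - kept in case the included class relies on this global. Confirm.
page=GetIntQueryString("page")
Server.ScriptTimeout=500
' Script path without query string; reused as form action and redirect target.
myURL=Request.ServerVariables("URL")
' Action is read from the query string even for the POSTed form, because the
' form's action attribute is "<myURL>?Action=Remove".
Action=Request.QueryString("Action")
Select Case Action
	Case "Remove"
		' Bulk delete is a state change driven by the POSTed checkbox form;
		' accepting it only for POST stops a plain link/GET from triggering it.
		' This is partial CSRF hardening - a per-session token would be the
		' complete fix, but no token helper is visible in this file.
		If UCase(Request.ServerVariables("REQUEST_METHOD")) = "POST" Then
			Call DeleteRecord()
		Else
			Call Main()
		End If
	Case "Lock"
		' NOTE(review): Lock/UnLock are reached through GET links rendered by
		' Main(), so they remain CSRF-able; changing them to POST requires
		' changing the links as well.
		Call LockIP()
	Case "UnLock"
		Call UnLockIP()
	Case Else 
		Call Main()
end Select
%>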
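<%
' Renders the paged listing of requests caught by the SQL-injection filter
' (table c_sqlrecords) with a lock/unlock link per row and a bulk-delete form.
' Every displayed column is attacker-supplied - it IS the offending request -
' so each one is passed through HTMLEncodeSimple before being written. The
' previous version wrote IP, page, time, method and parameters raw, which
' lets a logged payload execute as stored XSS in the administrator's browser.
' The `& ""` appended to each field turns a Null column into "" rather than
' handing Null to the encoder.
Sub Main()
Call header()
%>
<form action="<%=myURL%>?Action=Remove" method="post" name="rzform">
<table class="table_800" cellpadding="0" cellspacing="0">
<tr>
 <th style="width:50px;">选择</th>
 <th style="width:80px;">IP</th>
 <th style="width:50px;">锁定</th>
 <th style="width:50px;">操作</th>
 <th style="width:120px;">页面</th>
 <th style="width:120px;">时间</th>
 <th style="width:50px;">方式</th>
 <th style="width:120px;">参数</th>
 <th>数据</th>
</tr>
<%
sql="select * from c_sqlrecords order by id desc"
' RZPage (admin include) executes the query and pages it 20 rows at a time;
' how it obtains the current page number is not visible here.
Set MyPage = New RZPage
MyPage.SetSQL = sql
MyPage.PageSize = 20
MyPage.SetCss_PreNext="nextprev"
MyPage.SetCss_NumPage="pagenum"
MyPage.SetCss_CurrentPage="currentpage"
Set rs = MyPage.GetRS()
For i=1 To MyPage.PageSize
If Not rs.EOF Then 
%>
<tr  class="row">
 <td><input name="id" type="checkbox" id="id" value="<%=HTMLEncodeSimple(rs("id") & "")%>"   onclick="chkRow(this);">
 </td>
 <td><%=HTMLEncodeSimple(rs("Bad_IP") & "")%>
</td>
<td><%	if rs("Bad_IsKilled")=1 then 
			response.write "<font color='red'>已锁定</font>"
		else
			response.write "<font color='green'>已解锁</font>"
		end if
	%></td>
 <td>
 <%	' href is double-quoted and the id encoded so a row value cannot close the attribute.
	if rs("Bad_IsKilled")=1 then 
		response.write "<a href="""&myURL&"?action=UnLock&id="&HTMLEncodeSimple(rs("id") & "")&""">解锁</a>"
	else
		response.write "<a href="""&myURL&"?action=Lock&id="&HTMLEncodeSimple(rs("id") & "")&""">锁定</a>"
	end if
%>
 </td>
 <td><input name="field_badpage" value="<%=HTMLEncodeSimple(rs("Bad_FromPage") & "")%>" size="12"/></td>
 <td><%=HTMLEncodeSimple(rs("Bad_Time") & "")%></td>
 <td><%=HTMLEncodeSimple(rs("Bad_PostOrGet") & "")%></td>
 <td><%=HTMLEncodeSimple(rs("Bad_Parameters") & "")%></td>
 <td><input type="text" name="showdata" value="<%=HTMLEncodeSimple(rs("Bad_Data") & "")%>"/></td>
</tr>
<%
rs.Movenext
Else
Exit For
End If
Next
%>
<tr>
<td colspan="9" class="tdcenter">
<input name="selectall" type="checkbox" id="selectall" value="" onClick="selectAll();" />全选&nbsp;&nbsp;&nbsp;<input type="button" name="action" class="btn" onClick="checkForm('sqlinj');" value="删除">
</td>
</tr>
</table>
</form>
<div id="bottompage">
<%MyPage.ShowPage()%>
<span class="recordcount">
<%MyPage.ShowPageInfo()%>
</span>
</div>
<%
Set MyPage=Nothing
Call footer()
end Sub
%>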
<%
' Writes the document head and opens <body>. Main() calls this first and
' footer() last; the markup is static and contains no request data.
' NOTE(review): no anti-framing / nosniff response headers are emitted here -
' for an admin screen consider adding them, unless an include already does.
Sub header()
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>SQL注入管理</title>
<link type="text/css" href="style/style.css" rel="stylesheet" rev="stylesheet"/>
<script type="text/javascript" language="javascript" src="admin_js/common.js"></script>
</head>
<body>
<br/>
<%
End Sub 
' Closes the body and document opened by header(). Static markup only.
sub footer()
%>
</body>
</html>
<%
end Sub
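Sub DeleteRecord()
' Deletes the rows whose checkboxes were ticked in the listing form, then
' redirects back to the list.
' Request.Form("id") holds the checked values joined by ", ". The previous
' version interpolated that string straight into "id in (...)", so a tampered
' POST could inject SQL into the tool meant to review injection attempts.
' Each element is now accepted only if it is a non-empty run of decimal
' digits; anything else is dropped. If nothing valid remains the query is
' skipped (avoids the "id in ()" syntax error as well).
dim rawIds, parts, part, safeIds, k, pos, isDigits
rawIds = Trim(request.form("id") & "")
safeIds = ""
If Len(rawIds) > 0 Then
	parts = Split(rawIds, ",")
	For k = 0 To UBound(parts)
		part = Trim(parts(k))
		isDigits = (Len(part) > 0)
		For pos = 1 To Len(part)
			If InStr("0123456789", Mid(part, pos, 1)) = 0 Then isDigits = False
		Next
		If isDigits Then
			If Len(safeIds) > 0 Then safeIds = safeIds & ","
			safeIds = safeIds & part
		End If
	Next
End If
If Len(safeIds) > 0 Then
	conn.execute("delete from c_sqlrecords where id in (" & safeIds & ")")
End If
Response.Redirect myURL
End sub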
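Sub LockIP()
' Sets Bad_IsKilled=1 (the "locked" flag shown in the listing) on one record
' and redirects back to the list.
' The id arrives in the query string of a GET link. It is accepted only as a
' run of 1-9 decimal digits (always fits a Long) and converted with CLng:
' the previous cInt raised an overflow error for any id above 32767. An
' invalid id just redirects instead of failing with a runtime error.
dim rawId, id, pos, isDigits
rawId = Trim(request.QueryString("id") & "")
isDigits = (Len(rawId) > 0 And Len(rawId) <= 9)
For pos = 1 To Len(rawId)
	If InStr("0123456789", Mid(rawId, pos, 1)) = 0 Then isDigits = False
Next
If Not isDigits Then
	Response.Redirect myURL
	Exit Sub
End If
id = CLng(rawId)
conn.execute("update c_sqlrecords set Bad_IsKilled=1 where id="&id)
Response.Redirect myURL
End sub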
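Sub UnLockIP()
' Clears Bad_IsKilled (sets it to 0) on one record and redirects back to
' the list - the inverse of LockIP.
' The id arrives in the query string of a GET link. It is accepted only as a
' run of 1-9 decimal digits (always fits a Long) and converted with CLng:
' the previous cInt raised an overflow error for any id above 32767. An
' invalid id just redirects instead of failing with a runtime error.
dim rawId, id, pos, isDigits
rawId = Trim(request.QueryString("id") & "")
isDigits = (Len(rawId) > 0 And Len(rawId) <= 9)
For pos = 1 To Len(rawId)
	If InStr("0123456789", Mid(rawId, pos, 1)) = 0 Then isDigits = False
Next
If Not isDigits Then
	Response.Redirect myURL
	Exit Sub
End If
id = CLng(rawId)
conn.execute("update c_sqlrecords set Bad_IsKilled=0 where id="&id)
Response.Redirect myURL
End sub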
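Function HTMLEncodeSimple(str)
' Escapes a value for safe inclusion in HTML text and in double- or
' single-quoted attribute values; returns "" for Null/Empty (database
' columns may be Null).
' The ampersand is replaced first so the entities added afterwards are not
' re-encoded. The previous version replaced ' with '' (SQL-style doubling,
' which is not HTML escaping and corrupted the displayed text) and left "
' and & untouched, so a logged payload containing a double quote could
' break out of the value="..." attributes this function feeds.
' Does not modify the caller's variable (VBScript passes ByRef by default).
	Dim s
	If IsNull(str) Or IsEmpty(str) Then
		HTMLEncodeSimple = ""
		Exit Function
	End If
	s = CStr(str)
	s = Replace(s, "&", "&amp;")
	s = Replace(s, "<", "&lt;")
	s = Replace(s, ">", "&gt;")
	s = Replace(s, """", "&quot;")
	s = Replace(s, "'", "&#39;")
	HTMLEncodeSimple = s
End Function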
%>